Diffstat (limited to 'server/lib')
-rw-r--r-- | server/lib/auth.ts | 7 | ||||
-rw-r--r-- | server/lib/client-html.ts | 11 |
2 files changed, 10 insertions, 8 deletions
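--- a/server/lib/auth.ts
+++ b/server/lib/auth.ts
@@ -13,6 +13,7 @@ import {
 } from '@server/types/plugins/register-server-auth.model'
 import * as express from 'express'
 import * as OAuthServer from 'express-oauth-server'
+import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
 
 const oAuthServer = new OAuthServer({
 useErrorHandler: true,
@@ -215,7 +216,7 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
 const obj = authBypassTokens.get(req.body.externalAuthToken)
 if (!obj) {
 logger.error('Cannot authenticate user with unknown bypass token')
-return res.sendStatus(400)
+return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
 }
 
 const { expires, user, authName, npmName } = obj
@@ -223,12 +224,12 @@ function proxifyExternalAuthBypass (req: express.Request, res: express.Response)
 const now = new Date()
 if (now.getTime() > expires.getTime()) {
 logger.error('Cannot authenticate user with an expired external auth token')
-return res.sendStatus(400)
+return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
 }
 
 if (user.username !== req.body.username) {
 logger.error('Cannot authenticate user %s with invalid username %s.', req.body.username)
-return res.sendStatus(400)
+return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
 }
 
 // Bypass oauth library validation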
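Review bot: The username-mismatch log call in the third hunk has two `%s` placeholders but only one argument, so the record of a rejected bypass-token login never shows which account the token was issued for. This is the line that fires when a known external-auth token is presented with a different username, so both values are worth having for triage: `logger.error('Cannot authenticate user %s with invalid username %s.', user.username, req.body.username)`. `req.body.username` is client-supplied, so it should keep reaching the log only as a format argument, never concatenated into the message. proxifyExternalAuthBypass starts and ends outside the visible hunks, so whether an expired token is also removed from `authBypassTokens` cannot be judged from here.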
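--- a/server/lib/client-html.ts
+++ b/server/lib/client-html.ts
@@ -22,6 +22,7 @@ import * as Bluebird from 'bluebird'
 import { CONFIG } from '../initializers/config'
 import { logger } from '../helpers/logger'
 import { MAccountActor, MChannelActor } from '../types/models'
+import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
 
 type Tags = {
 ogType: string
@@ -75,7 +76,7 @@ export class ClientHtml {
 static async getWatchHTMLPage (videoId: string, req: express.Request, res: express.Response) {
 // Let Angular application handle errors
 if (!validator.isInt(videoId) && !validator.isUUID(videoId, 4)) {
-res.status(404)
+res.status(HttpStatusCode.NOT_FOUND_404)
 return ClientHtml.getIndexHTML(req, res)
 }
 
@@ -86,7 +87,7 @@ export class ClientHtml {
 
 // Let Angular application handle errors
 if (!video || video.privacy === VideoPrivacy.PRIVATE || video.privacy === VideoPrivacy.INTERNAL || video.VideoBlacklist) {
-res.status(404)
+res.status(HttpStatusCode.NOT_FOUND_404)
 return html
 }
 
@@ -121,7 +122,7 @@ export class ClientHtml {
 static async getWatchPlaylistHTMLPage (videoPlaylistId: string, req: express.Request, res: express.Response) {
 // Let Angular application handle errors
 if (!validator.isInt(videoPlaylistId) && !validator.isUUID(videoPlaylistId, 4)) {
-res.status(404)
+res.status(HttpStatusCode.NOT_FOUND_404)
 return ClientHtml.getIndexHTML(req, res)
 }
 
@@ -132,7 +133,7 @@ export class ClientHtml {
 
 // Let Angular application handle errors
 if (!videoPlaylist || videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
-res.status(404)
+res.status(HttpStatusCode.NOT_FOUND_404)
 return html
 }
 
@@ -201,7 +202,7 @@ export class ClientHtml {
 
 // Let Angular application handle errors
 if (!entity) {
-res.status(404)
+res.status(HttpStatusCode.NOT_FOUND_404)
 return ClientHtml.getIndexHTML(req, res)
 }
 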
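Review bot: The privacy branches in the `@@ -86,7` and `@@ -132,7` hunks carry only the comment "Let Angular application handle errors", which does not record why a private, internal or blacklisted video (or a private playlist) is answered exactly like a missing one. A short comment above each check would keep a later edit from changing the status or adding metadata there, for example `// Same 404 and plain HTML as an unknown id: do not reveal that a non-public video exists`. `html` is assigned outside the visible hunks, so that it is the page without the video's tags is an assumption to confirm. Both methods begin and end outside these hunks.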